<?
require_once("../config/dbconn.php");
//判定二级密码
$msg='';
if ($action=='yzpwd1'){
	if (trim($hypwd1)=='') $msg="请输入二级密码";
	else{
		$sqlhy="select * from {$db_prefix}admin888 where id='".$_SESSION['sys_adminid']."'";
		$rshy=$db->get_one($sqlhy);
		if (authcode($rshy['pwd1'],"DECODE")!=$hypwd1){
			$msg="二级密码验证失败";
			echo "<script>alert('$msg'),history.back();</script>";exit();
		}else{
			$_SESSION['sys_adminpwd1']=authcode($hypwd1,"ENCODE");
			echo "<script>location.href='{$curfilename}';</script>";exit();
		}
	}
}
$hypwdok=0;
////////////////////////////////////////////////////////////////////////////////
if (!$url){
	if($_SESSION['sys_adminpwd1']){
		//是否与会员的二级密码相对应
		$sqlhy="select * from {$db_prefix}admin888 where id='".$_SESSION['sys_adminid']."'";
		$rshy=$db->get_one($sqlhy);
		if (authcode($rshy['pwd1'],"DECODE")==authcode($_SESSION['sys_adminpwd1'],"DECODE")){
			$hypwdok=1;
		}
	}
	
	if ($hypwdok==0){
		$curfilename=basename($_SERVER['SCRIPT_FILENAME']);
		echo "<script>location.href='pwd1cls.php?url={$curfilename}';</script>";exit();
	}
}


if ($hypwdok==0){
	if($url) $curfilename=$url.".php"; else $curfilename=basename($_SERVER['SCRIPT_FILENAME']);
?>
<Br /><Br />
<div align="center">
<form action="" method="get"><input name="curfilename" type="hidden" value="<?=$curfilename?>" /><input name="action" type="hidden" value="yzpwd1" />
请输入二级密码： <input name="hypwd1" type="password" id="hypwd1"><input type="submit" value="确定" name="B1" /> <span style="color:#FF0000"><?=$msg?></span></form>
</div>
<?
	exit();
}
?>